KiwiRail security fail: tickets available for free

KiwiRail’s amateur cyber security left a test website open to the public where it was possible to book train and ferry tickets for free, says Labour’s Open Government spokesperson Clare Curran.

“KiwiRail left its test website open for anyone on the internet. On the site it was possible to make legitimate bookings on ferries and trains with a fake credit card number. It is remarkably easy for anyone with good technical knowledge to use the site to make free bookings.

“Basically KiwiRail left a hole in its security so big you could drive a train through it.

“What makes matters worse is after I was contacted by a whistleblower I alerted KiwiRail who took 16 days to fix it. It is still unclear if the issues have been fixed.

“National says cyber security is extremely important but that message clearly isn’t getting through to agencies. The Government has to get into the 21st Century and secure its websites.

“Amy Adams launched a computer emergency response team (CERT) to great fanfare late last year to help protect the public and businesses online. It’s extremely embarrassing that its government agencies need that team more than anyone,” says Clare Curran.